Mark Smith;
> > Filtering on protocol/port numbers is a broken concept.
Yes, it is.
However, it is merely as broken as PMTUD, so that we don't need a
security discussion to deny PMTUD.
> I've understood that what you have described is the end-goal
> of end-to-end, opportunistic encryption and authentication ie.
> IPsec.
Back to the original problem, PMTUD depends on the capabilities
of intermediate systems on a path to generate certain ICMP messages,
the generation of which is as complex as fragmentation itself,
so that it is not very end-to-end.
That is, PMTUD is a broken concept.
Masataka Ohta
_______________________________________________
Ietf mailing list
[EMAIL PROTECTED]
https://www1.ietf.org/mailman/listinfo/ietf